mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 11:03:47 +03:00
Fixes Python3 support for --chunked (drei)
This commit is contained in:
parent
4cf14c80eb
commit
8c57b9cd4c
|
@ -193,6 +193,25 @@ class ReqHandler(BaseHTTPRequestHandler):
|
|||
data = self.rfile.read(length)
|
||||
data = unquote_plus(data.decode(UNICODE_ENCODING, "ignore"))
|
||||
self.data = data
|
||||
elif self.headers.get("Transfer-encoding") == "chunked":
|
||||
data, line = b"", b""
|
||||
count = 0
|
||||
|
||||
while True:
|
||||
line += self.rfile.read(1)
|
||||
if line.endswith(b'\n'):
|
||||
if count % 2 == 1:
|
||||
current = line.rstrip(b"\r\n")
|
||||
if not current:
|
||||
break
|
||||
else:
|
||||
data += current
|
||||
|
||||
count += 1
|
||||
line = b""
|
||||
|
||||
self.data = data.decode(UNICODE_ENCODING, "ignore")
|
||||
|
||||
self.do_REQUEST()
|
||||
|
||||
def log_message(self, format, *args):
|
||||
|
|
|
@ -26,10 +26,12 @@ from lib.core.common import readInput
|
|||
from lib.core.common import shellExec
|
||||
from lib.core.common import singleTimeWarnMessage
|
||||
from lib.core.convert import stdoutEncode
|
||||
from lib.core.data import conf
|
||||
from lib.core.option import _setHTTPHandlers
|
||||
from lib.core.option import setVerbosity
|
||||
from lib.core.settings import IS_WIN
|
||||
from lib.request.templates import getPageTemplate
|
||||
from thirdparty import six
|
||||
from thirdparty.six.moves import http_client as _http_client
|
||||
|
||||
def dirtyPatches():
|
||||
|
@ -40,6 +42,17 @@ def dirtyPatches():
|
|||
# accept overly long result lines (e.g. SQLi results in HTTP header responses)
|
||||
_http_client._MAXLINE = 1 * 1024 * 1024
|
||||
|
||||
# prevent double chunked encoding in case of sqlmap chunking (Note: Python3 does it automatically if 'Content-length' is missing)
|
||||
if six.PY3:
|
||||
if not hasattr(_http_client.HTTPConnection, "__send_output"):
|
||||
_http_client.HTTPConnection.__send_output = _http_client.HTTPConnection._send_output
|
||||
def _send_output(self, *args, **kwargs):
|
||||
if conf.chunked and "encode_chunked" in kwargs:
|
||||
kwargs["encode_chunked"] = False
|
||||
self.__send_output(*args, **kwargs)
|
||||
|
||||
_http_client.HTTPConnection._send_output = _send_output
|
||||
|
||||
# add support for inet_pton() on Windows OS
|
||||
if IS_WIN:
|
||||
from thirdparty.wininetpton import win_inet_pton
|
||||
|
|
|
@ -18,7 +18,7 @@ from lib.core.enums import OS
|
|||
from thirdparty.six import unichr as _unichr
|
||||
|
||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||
VERSION = "1.4.1.52"
|
||||
VERSION = "1.4.1.53"
|
||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||
|
|
|
@ -52,6 +52,7 @@ def vulnTest():
|
|||
("-l <log> --flush-session --keep-alive --skip-waf -v 5 --technique=U --union-from=users --banner --parse-errors", ("banner: '3.", "ORDER BY term out of range", "~xp_cmdshell", "Connection: keep-alive")),
|
||||
("-l <log> --offline --banner -v 5", ("banner: '3.", "~[TRAFFIC OUT]")),
|
||||
("-u <url> --flush-session --encoding=ascii --forms --crawl=2 --threads=2 --banner", ("total of 2 targets", "might be injectable", "Type: UNION query", "banner: '3.")),
|
||||
("-u <url> --flush-session --data='id=1' --banner --chunked -v 5", ("Parameter: id (POST)", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "banner: '3.", "Transfer-encoding: chunked")),
|
||||
("-u <url> --flush-session --data='{\"id\": 1}' --banner", ("might be injectable", "3 columns", "Payload: {\"id\"", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "banner: '3.")),
|
||||
("-u <url> --flush-session -H 'Foo: Bar' -H 'Sna: Fu' --data='<root><param name=\"id\" value=\"1*\"/></root>' --union-char=1 --mobile --answers='smartphone=3' --banner --smart -v 5", ("might be injectable", "Payload: <root><param name=\"id\" value=\"1", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "banner: '3.", "Nexus", "Sna: Fu", "Foo: Bar")),
|
||||
("-u <url> --flush-session --method=PUT --data='a=1&b=2&c=3&id=1' --skip-static --dump -T users --start=1 --stop=2", ("might be injectable", "Parameter: id (PUT)", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "2 entries")),
|
||||
|
|
Loading…
Reference in New Issue
Block a user